Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Rose.exe Or What ...need Urgent Help

  • Please log in to reply
4 replies to this topic

#1 nadeemasi


  • Members
  • 1 posts
  • Local time:05:05 AM

Posted 12 April 2007 - 09:51 AM

HI.....I am running Win Xp...few days back i came across a problem that i saw alien language on right click on my hard drives....then later on I could not browse them at all by opening them....I browsed the net...and found that it could be Rose.exe...I searhed for its removal tool but only found manual removal instructions ...which I followed...now I don;t know wether worm is still here or not but still i can not browse the hard disks....
I did
Showed hidden files
Searched the process ....rose.exe but found none
Run registry and searched for rose.exe found none
Deleted Autorun.inf, run.reg, systemdate.ini from all partitions
Disabled system restore
Run TrendMicro updated version....

But problem is still there....
Please help...what to do next?

Moderator Edit: Moved topic to more appropriate forum. ~ Animal

Edited by Animal, 12 April 2007 - 12:26 PM.

BC AdBot (Login to Remove)


#2 jwinathome


  • Members
  • 1,360 posts
  • Gender:Male
  • Location:Atlanta, Georgia
  • Local time:06:05 AM

Posted 12 April 2007 - 10:13 AM

You should start a new thread in the security section with a HIJACKTHIS log for someone to help you remove the malware.

#3 jgweed


  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:05 AM

Posted 12 April 2007 - 10:17 AM

Please carefully read and follow the instructions in the HJT Preparation Guide, linked to below, then submit a log to our volunteer team of experts for them to analysis and work with you to get rid of any malware they find in the log data.


Whereof one cannot speak, thereof one should be silent.

#4 dc3


    Bleeping Treehugger

  • Members
  • 30,714 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:03:05 AM

Posted 12 April 2007 - 10:42 AM

Hi nadeemasi, and welcome to BC.

From what I've been able to find there usually is an error message that includes the name rose.exe, did you have a message associated with the problem?

Did you run any scans with anything other than the TrendMicro? Try downloading and running Asquared. The most effective way is in safe mode.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





#5 fozzie


    aut viam inveniam aut faciam

  • Members
  • 3,516 posts
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:11:05 AM

Posted 12 April 2007 - 11:40 AM

This memory-resident worm propagates by listing all existing hard disk drives on the affected system and then dropping a copy of itself in the root folder of the found hard disk drives. It also drops the file, AUTORUN.INF, in the same location. This file ensures that the dropped copy of this worm is automatically executed at every system startup.

When executed, it drops a copy of itself as, rose.exe, in the root folder. It sets its file attributes to System, Read-only, and Hidden to avoid detection. It also drops several components and non-malicious files in certain folders.

This explains why you could not find it.

Please follow jgweed's instructions. Afgter you have posted a HJT Do not make any changes to your system since this will confuse the expert handling your log

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users